import pymysql, hashlib

username = input("请输入用户名：")
password = input("请输入密码：")
# 对密码进行md5加密
h = hashlib.md5()
h.update(password.encode('utf-8'))
password = h.hexdigest()
print(password)
# 打开一个数据库连接,获取一个db对象
db = pymysql.connect(host='localhost', user='root', password='123456', database='test', port=3306, charset='utf8')
cursor = db.cursor()  # 获取游标对象
# sql = "select * from user where username='%s' and password='%s'" % (username, password) 这种写法会导致sql注入
sql = 'select * from user where username=%s and password=%s'
print(sql)
cursor.execute(sql, (username, password))
cursor.close()
db.commit()
users = cursor.fetchall()
db.close()

if not users:
    print("用户名错误。")
else:
    print("欢迎回来%s" % username)
